secretstore

package
v1.2.2-dev.47 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 6, 2020 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source
const (
	VaultToken             = "X-Vault-Token"
	TokenCreatorPolicyName = "privileged-token-creator"

	// This is an admin token policy that allow for creation of
	// per-service tokens and policies
	TokenCreatorPolicy = `` /* 394-byte string literal not displayed */

)
View Source
const OneShotProvider = "oneshot"

Variables

This section is empty.

Functions

func Main

func Main(ctx context.Context, cancel context.CancelFunc, _ *mux.Router, _ chan<- bool)

Types

type Bootstrap

type Bootstrap struct {
	// contains filtered or unexported fields
}

func NewBootstrap

func NewBootstrap(insecureSkipVerify bool, vaultInterval int) *Bootstrap

func (*Bootstrap) BootstrapHandler

func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ startup.Timer, dic *di.Container) bool

BootstrapHandler fulfills the BootstrapHandler contract and performs initialization needed by the data service.

type CertCollect

type CertCollect struct {
	Pair CertPair `json:"data"`
}

type CertPair

type CertPair struct {
	Cert string `json:"cert,omitempty"`
	Key  string `json:"key,omitempty"`
}

type Certs

type Certs struct {
	// contains filtered or unexported fields
}

func NewCerts

func NewCerts(
	caller internal.HttpCaller,
	certPath string,
	rootToken string,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Certs

func (*Certs) AlreadyinStore

func (cs *Certs) AlreadyinStore() (bool, error)

func (*Certs) ReadFrom

func (cs *Certs) ReadFrom(certPath string, keyPath string) (*CertPair, error)

func (*Certs) UploadToStore

func (cs *Certs) UploadToStore(cp *CertPair) error

type CmdRunner

type CmdRunner interface {
	Start() error
	Wait() error
}

CmdRunner is mockable interface for golang's exec.Cmd

type Cred

type Cred struct {
	// contains filtered or unexported fields
}

func NewCred

func NewCred(
	caller internal.HttpCaller,
	rootToken string,
	generator CredentialGenerator,
	secretServiceBaseURL string,
	lc logger.LoggingClient) Cred

func (*Cred) AlreadyInStore

func (cr *Cred) AlreadyInStore(path string) (bool, error)

func (*Cred) GeneratePassword

func (cr *Cred) GeneratePassword(ctx context.Context) (string, error)

GeneratePassword is a pass-through to the password generator

func (*Cred) UploadToStore

func (cr *Cred) UploadToStore(pair *UserPasswordPair, path string) error

type CredCollect

type CredCollect struct {
	Pair UserPasswordPair `json:"data"`
}

type CredentialGenerator

type CredentialGenerator interface {
	Generate(ctx context.Context) (string, error)
}

CredentialGenerator is the interface for pluggable password generators

func NewDefaultCredentialGenerator

func NewDefaultCredentialGenerator() CredentialGenerator

NewDefaultCredentialGenerator generates random passwords as base64-encoded strings

func NewPasswordGenerator

func NewPasswordGenerator(lc logger.LoggingClient, passwordProvider string, passwordProviderArgs []string) CredentialGenerator

NewPasswordGenerator wires up a pluggable password generator or defaults to a built-in implementation if the pluggable configuration is missing

type ExecRunner

type ExecRunner interface {
	SetStdout(stdout io.Writer)
	LookPath(file string) (string, error)
	CommandContext(ctx context.Context, name string, arg ...string) CmdRunner
}

ExecRunner is mockable interface for wrapping os/exec functionality

func NewDefaultExecRunner

func NewDefaultExecRunner() ExecRunner

NewDefaultExecRunner creates an os/exec wrapper that joins subprocesses' stdout and stderr with the caller's

type PasswordProvider

type PasswordProvider struct {
	// contains filtered or unexported fields
}

func NewPasswordProvider

func NewPasswordProvider(lc logger.LoggingClient, execRunner ExecRunner) *PasswordProvider

NewPasswordProvider creates a new PasswordProvider

func (*PasswordProvider) Generate

func (p *PasswordProvider) Generate(ctx context.Context) (string, error)

Generate retrives the password from the tool

func (*PasswordProvider) SetConfiguration

func (p *PasswordProvider) SetConfiguration(passwordProvider string, passwordProviderArgs []string) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type RevokeFunc

type RevokeFunc func()

type TokenMaintenance

type TokenMaintenance struct {
	// contains filtered or unexported fields
}

func NewTokenMaintenance

func NewTokenMaintenance(logging logger.LoggingClient, secretClient secretstoreclient.SecretStoreClient) *TokenMaintenance

NewTokenMaintenance creates a new TokenProvider

func (*TokenMaintenance) CreateTokenIssuingToken

func (tm *TokenMaintenance) CreateTokenIssuingToken(rootToken string) (map[string]interface{}, RevokeFunc, error)

CreateTokenIssuingToken creates an admin token that allows the holder to create per-service tokens an policies. Requires a root token, returns a function that, if called, with revoke the token

func (*TokenMaintenance) RevokeNonRootTokens

func (tm *TokenMaintenance) RevokeNonRootTokens(privilegedToken string) error

RevokeNonRootTokens revokes non-root tokens that may have been issued in previous EdgeX runs. Should be called with a high-privileged token.

func (*TokenMaintenance) RevokeRootTokens

func (tm *TokenMaintenance) RevokeRootTokens(privilegedToken string) error

RevokeRootTokens revokes any root tokens found in the secret store. Should be called with a high-privileged token.

type TokenProvider

type TokenProvider struct {
	// contains filtered or unexported fields
}

func NewTokenProvider

func NewTokenProvider(ctx context.Context, lc logger.LoggingClient, execRunner ExecRunner) *TokenProvider

NewTokenProvider creates a new TokenProvider

func (*TokenProvider) Launch

func (p *TokenProvider) Launch() error

Launch spawns the token provider function

func (*TokenProvider) SetConfiguration

func (p *TokenProvider) SetConfiguration(config secretstoreclient.SecretServiceInfo) error

SetConfiguration parses token provider configuration and resolves paths specified therein

type UserPasswordPair

type UserPasswordPair struct {
	User     string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL